Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Does the Windows AUX bug affect Web servers also?

From: "Gabriel Lawrence" <gabe () landq org>
Date: Wed, 9 Jul 2003 10:28:20 -0700
Yes. It is possible to crash a web server hosted on a windows box using
these "special" files. Usually the vulnerability comes from posting to a
script that attempts to open a file based on the arguments passed to it,
not just by asking for one of these files. (I think IIS isn't dumb
enough to just try them outright anymore... but most people who write
scripts and whatnot aren't aware of this legacy stuff.) I don't know
about different web servers besides IIS, I haven't spent that much time
fooling around with it...

-gabe

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Richard M.
Smith
Sent: Wednesday, July 09, 2003 9:50 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Does the Windows AUX bug affect Web servers
also?

Is it possible to also crash a Web server hosted on a Windows box using
a URL something like:

    http://www.somebody.com/aux

If this particular URL is okay, maybe there are other URLs that will
cause a crash.  For example, POSTing a form to a URL containing AUX.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: